Win a copy of Rust Web Development this week in the Other Languages forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

Form-Based Authentication and JDBC Connection Pool

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I�m trying to figure out how to pass the user�s ID and password, using form-based authentication and file realm, to our JDBC connection. I realize the users will have to keep their file realm ID and password synchronized with their database ID and password, but we have no choice because the database is RACF protected making JDBC realm out of the question. We have a Web application running on a Sun Application Server. This application is basically a report generator. Based on user inputs, the application will query a DB2 database on an IBM mainframe, and then display the results. Our requirements are that we have to pass the user�s ID and password to the database. I have a connection pool configured, although I�m not quite sure that makes any sense because how can the application server keep a pool of connections when we don�t provide a user ID and password with the connection pool properties? Anyway, I�ve searched high and low to figure out how to connect the user ID and password taken from the form, down to the JDBC connection. I�ve read somewhere that once we let the container handle authentication; we no longer have access to the user ID and password through the code. Currently we are temporarily disabling the form-based authentication and grabbing the user ID and password and passing it on down through the code to the JDBC connection, but that doesn�t sound correct and I would like to fix it. If anybody knows the answer, I would appreciate the help. Thanks!
 
Rancher
Posts: 43027
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to JavaRanch.

I have a connection pool configured, although I�m not quite sure that makes any sense because how can the application server keep a pool of connections when we don�t provide a user ID and password with the connection pool properties?


That's correct, the connection pool abstracts away from individual users. If everyone has their own password, then you need to create a new connection (or connection pool, although that might be overkill or unfeasible) for every user.

I�ve read somewhere that once we let the container handle authentication; we no longer have access to the user ID and password through the code.


That's true for the servers I know, and that is, of course, the whole point of container-managed authentication.

Currently we are temporarily disabling the form-based authentication and grabbing the user ID and password and passing it on down through the code to the JDBC connection, but that doesn�t sound correct and I would like to fix it.


It seems weird, but that's because web auth and DB auth are two different things - it's very unusual for the accounts or password to be identical. That's why there is no ready-made integration between the two.
reply
    Bookmark Topic Watch Topic
  • New Topic